FREQUENTLY ASKED QUESTIONS
Auditing

 
TABLE OF CONTENTS:
 * What is internal auditing?
* How are internal audits planned?
* How are departments selected for an internal audit?
* Why us?
* How can I cooperate with Internal Audit at AUB?
* What occurs during an audit?
* Who audits the Internal Audit Office?
* Audit Process
 
Q: What is Internal Auditing?
A: Internal auditing is the process of evaluating and improving an organization's operations. Auditing helps an organization achieve its objectives by systematically evaluating and improving the effectiveness of risk management and control processes.
Q: How are Internal Audits planned?
A: The Internal Audit Office periodically performs assessments of all University operating units and control functions to identify areas of potential institutional risk. Based on these discussions and assessments with management, the director of Internal Audit recommends an annual audit plan, which is approved by the Audit Committee of the Board of Trustees.
The Internal Audit Office also responds to special requests from University and department management, inquiries received from members of the AUB community, and special requests from external parties.
Q: How are departments selected for an internal audit?
A: Areas are selected for internal audit based on an assessment of institutional risk. Risk can take various forms such as loss of assets, loss of receipts, inappropriate payment of expenses, failure to properly record transactions accurately, errors or omissions (either accidental or intentional), or failure to follow management's established policies and procedures. Areas with a high degree of expected risk are subject to more frequent audit.
Some audits are discretionary and involve departmental, operational, or process reviews. The director of Internal Audit schedules these reviews in consultation with the University senior management. The director of Internal Audit prioritizes audits based on the following factors:
1) Assessment of risk
2) Management requests
3) Significant organizational policy or procedural changes
4) Information system installation or modification
Q: Why us?
A: Auditees frequently ask "Why us?" or "What did we do wrong?" when being audited. Departments may be audited because
1) Manager requested a review of the area,
2) Regulatory audit instituted by law, or
3) Organizational policy or procedural changes have occurred that should be reviewed. The review will assist management in ensuring that the area is complying with policies and procedures. Recommendations are aimed at improving a process, increasing efficiency in an operation, or improving internal controls.
Q: How can I cooperate with Internal Audit at AUB?
A: Each audit engagement has a defined scope and objectives. Any auditor requesting information from you should be able to explain the audit's purpose and objectives so you can understand the reasons for questions being asked and provide accurate answers.
    The audit process works best when we have a shared working relationship. We hope you will extend relationship beyond a particular audit. We have developed an understanding of your operation and are available to consult on organizational or operational changes.
    When you understand the audit's purpose, you can assist by either providing relevant information or, if you are not the best source of the requested information, directing the auditor to the right person or office.
    If you have questions or concerns about information being requested, it is appropriate to discuss those concerns with the auditor, an Internal Audit manager, or the director of Internal Audit.
Q: What occurs during an audit?
A: Common elements of an internal audit engagement includes the following:
1. Scheduling an opening meeting to discuss audit objectives, timing, and scope of work
2. Evaluating internal control systems
3. Testing to ensure proper operation of internal control systems
4. Developing conclusions and suggesting recommendations based on results
5. Reviewing audit control issues and draft audit reports with management and staff
6. Preparing and distributing to the Audit Committee and management an audit report which generally include management's responses to the control issues raised
7. Following up to ensure that all audit recommendations have been implemented
Q: Audit Process

Although every audit process is unique, the audit process is similar for most engagements and usually consists of three stages: preliminary review, fieldwork, and closure. Through these stages, we want to determine ways to minimize risks and increase efficiency within your area taking a University system-wide approach. 
As in any special project, an audit results in a certain amount of time being diverted from your department’s usual routine. Our objective is to perform the audit efficiently and effectively to minimize the disruption of your ongoing activities.

  1. Pre-Audit Meeting:
    2.  During this meeting, you will be asked to describe the department or system to be reviewed, the organization, available resources, and other pertinent information. We usually meet with the department head and any other staff members you wish to include. You are encouraged to identify issues or concerns that you would like to have addressed during the audit.
  2. Preliminary Survey:
    3.  After the decision has been made to audit your area, we gather information about your processes and procedures. We talk with key personnel and review various sources of written documentation. We then review and evaluate the existing control structure and identify the audit objectives. Finally we plan the remaining audit steps necessary to achieve the objectives.
  3. Internal Control Review: We will review your area’s internal control structure, defined as all measures used by the University for the purposes of 1) Safeguarding its assets against waste, loss, fraud and inefficiency; 2) Promoting accuracy and reliability in accounting and operating data; 3) Encouraging and measuring compliance with University policy; and 4) Judging the efficiency of operations. In doing so, we use an assortment of tools and techniques to gather and analyze information about your operation. This review of internal controls helps us determine the areas of highest risk and design tests to be performed in the fieldwork section.
  1. Audit Program

    2. The preliminary review stage concludes with an audit program. This program outlines the fieldwork necessary to achieve the audit objectives.
  2. Fieldwork

    3. The fieldwork involves gathering data and identifying opportunities for continuous process improvement. It is during this phase that we determine whether the controls identified during the preliminary review are operating in an appropriate manner.
  3. Communications

    4. We strive to keep you informed of our progress during fieldwork. If you have any questions or comments, please contact us.
  4. Draft Audit Report

    5. An audit report will be drafted after completion of the fieldwork. This report, along with our work papers, goes through an extensive review process by our office management. The report, in draft format, will be sent for your review and management responses.
  5. Exit Conference

    6. At this stage, we meet with you to review the draft audit report. You will be given the opportunity to comment and suggest changes. We will work together to reach agreement on its content.
  6. Formal Response

    7. Your formal written response to actions requested should be coordinated and submitted through appropriate management. This should include your plan of action and time lines for implementation. Management will then recommend audit closure, if appropriate.
  7. Final Report

    8. This report is signed off by the director of Internal Audit and is typically for use by University management. The final report will be circulated to senior management, including but not limited to president, Audit Committee, vice president responsible, audit client, and in some instances external auditors.
  8. Audit Follow Up

    9. We may perform a follow up review to verify that actions implemented had the intended results. This audit repeats the normal audit process but is limited in scope based on the final report and corresponding formal response.
  9. Audit Closure
    We review your formal written response and if we agree that your plan of action will improve operational efficiency and effectiveness in a timely manner, we will recommend closure of the audit report. After assurance that all issues have been satisfactorily addressed, the director of Internal Audit will close the audit.

Your Comments
As part of our evaluation program, we ask you to comment on our performance. This feedback will be beneficial because we plan to improve our procedures as a result of your suggestions. If you have been audited, please complete the Audit Process Questionnaire and submit it to the Internal Audit Office.
Q: Who audits the Internal Audit Office?
 A: An outside review team performs a peer review and assesses the quality of our function and makes recommendations directly to the Audit Committee

AUB claims no responsibility for the material published on its site. All photographs and images are copyright © American University of Beirut unless otherwise noted.
Contact: auditor@aub.edu.lb